REDLEGG BLOG

Emergency Vulnerability Bulletin

12/11/21 7:57 PM  |  by RedLegg Blog

LOG4J Remote Code Execution Vulnerability 

Identifier: CVE-2021-44228

Exploit or POC: YES.

Update: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Description: CVE-2021-44228 allows an attacker to remotely execute code through the widely used logging library (Log4j). All Log4j versions between 2.0 and 2.14.1 are affected. Log4j has been patched, but because Log4j is embedded in other vendors' applications, the updates may have to come from those vendors, and in some cases it may not be possible to update manually. If the host is running a Java runtime later than 8u121, the exploit will not work because com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are disabled by default.

Mitigation recommendation:

  • Disable JNDI lookup by removing the JndiLookup class file from log4j-core, then restart the service.
  • If you're unable to patch, restart with the start parameter 'log4j2.formatMsgNoLookups' set to true as a temporary mitigation.
    Example: "java -Dlog4j2.formatMsgNoLookups=true -jar application.jar"
  • Update to the newest version of Log4j: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
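
An added example (not from this bulletin or the Log4j project): a Python check that classifies JAR files by the affected version range given in the description and by whether the JndiLookup class named in the first mitigation is still present. The function names and result labels are this example's own, and the sample JARs it builds are constructed.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
AFFECTED = ((2, 0, 0), (2, 14, 1))  # range stated in the bulletin


def parse_version(text):
    """Return (major, minor, patch) from a pom.properties 'version=' line."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def assess_jar(jar_file):
    """Classify one JAR given as a path or a binary file object."""
    with zipfile.ZipFile(jar_file) as jar:
        names = set(jar.namelist())
        has_jndi = JNDI_CLASS in names
        if POM_PROPS not in names:  # shaded/repackaged JARs often drop it
            return "jndilookup-present-version-unknown" if has_jndi else "not-log4j-core"
        version = parse_version(jar.read(POM_PROPS).decode("utf-8", "replace"))
    if version is None:
        return "jndilookup-present-version-unknown" if has_jndi else "version-unknown"
    if not AFFECTED[0] <= version <= AFFECTED[1]:
        return "outside-affected-range"
    return "affected" if has_jndi else "affected-version-jndilookup-removed"


def build_sample_jar(version=None, with_jndi=True):
    """Constructed sample: in-memory JAR holding only the entries checked above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        if version:
            jar.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path in Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("*.jar"):
        try:
            print(f"{assess_jar(path)}\t{path}")
        except (zipfile.BadZipFile, OSError) as exc:
            print(f"unreadable ({exc})\t{path}")
```

Run it with a directory argument to list every `*.jar` beneath it. It does not open JARs nested inside other archives (fat JARs, WARs), so those need to be unpacked first.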
